Skip to content

Bump Node.js to >=22.23.1#48839

Open
code-infra-renovate[bot] wants to merge 1 commit into
masterfrom
renovate/major-node
Open

Bump Node.js to >=22.23.1#48839
code-infra-renovate[bot] wants to merge 1 commit into
masterfrom
renovate/major-node

Conversation

@code-infra-renovate

@code-infra-renovate code-infra-renovate Bot commented Jul 19, 2026

Copy link
Copy Markdown
Contributor

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Type Update Change
node (source) engines major >=14.0.0>=22.23.1

Release Notes

nodejs/node (node)

v22.23.1: 2026-06-23, Version 22.23.1 'Jod' (LTS), @​RafaelGSS

Compare Source

This release includes a fix for an unexpected behavior introduced
by the recent security release (22.23.0).

Commits

v22.23.0: 2026-06-18, Version 22.23.0 'Jod' (LTS), @​aduh95

Compare Source

This is a security release.

Notable Changes
  • (CVE-2026-48618) tls: normalize hostname for server identity checks (Matteo Collina) – High
  • (CVE-2026-48933) crypto: guard WebCrypto cipher output length (Filip Skokan) – High
  • (CVE-2026-48937) deps: fix integration issues with the latest nghttp2 – Medium
  • (CVE-2026-48930) dns,net: reject hostnames with embedded NUL bytes (Matteo Collina) – Medium
  • (CVE-2026-48619) http2: cap originSet size to prevent unbounded memory growth (Matteo Collina) – Medium
  • (CVE-2026-48615) lib,test: redact proxy credentials in tunnel errors (Matteo Collina) – Medium
  • (CVE-2026-48934) tls: bind reusable sessions to authenticated host (Matteo Collina) – Medium
  • (CVE-2026-48928) tls: fix case-sensitive SNI context matching (Matteo Collina) – Medium
  • (CVE-2026-48617) permission: handle process.chdir on writereport (RafaelGSS) – Low
  • (CVE-2026-48931) http: fix response queue poisoning in http.Agent (Matteo Collina) – Low
  • (CVE-2026-48935) permission: disable FileHandle utimes with permission model (RafaelGSS) – Low
Commits

v22.22.3: 2026-05-13, Version 22.22.3 'Jod' (LTS), @​marco-ippolito

Compare Source

Commits

v22.22.2: 2026-03-24, Version 22.22.2 'Jod' (LTS), @​RafaelGSS prepared by @​aduh95

Compare Source

This is a security release.

Notable Changes
  • (CVE-2026-21637) wrap SNICallback invocation in try/catch (Matteo Collina) - High
  • (CVE-2026-21710) use null prototype for headersDistinct/trailersDistinct (Matteo Collina) - High
  • (CVE-2026-21713) use timing-safe comparison in Web Cryptography HMAC (Filip Skokan) - Medium
  • (CVE-2026-21714) handle NGHTTP2_ERR_FLOW_CONTROL error code (RafaelGSS) - Medium
  • (CVE-2026-21717) test array index hash collision (Joyee Cheung) - Medium
  • (CVE-2026-21715) add permission check to realpath.native (RafaelGSS) - Low
  • (CVE-2026-21716) include permission check on lib/fs/promises (RafaelGSS) - Low
Commits

v22.22.1: 2026-03-05, Version 22.22.1 'Jod' (LTS)

Compare Source

Notable Changes
Commits

Note

PR body was truncated to here.


Configuration

📅 Schedule: (in timezone UTC)

  • Branch creation
    • Between 12:00 AM and 04:59 AM, only on Sunday (* 0-4 * * 7)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by self-hosted Renovate.

@code-infra-renovate code-infra-renovate Bot added the dependencies Update of dependencies. label Jul 19, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Update of dependencies.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants